I have an application that has a backoffice. This backoffice was isolated with the use of roles like this:
<location path="backoffice">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
But now we have another type of role that needs access. The companyadmin role.
Can I just say?:
<location path="backoffice">
<system.web>
<authorization>
<allow roles="admin,companyadmin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>